network security Flashcards
\what are the security processes (AAA)
authentication
authorisation
accounting
authentication def
(deploys robust MFA multi-factor authentication process to) verify that users are who they claim to be
authorisation
(deploy processes to) verify that users have permission to access/modidfy the resources they are attempting to access/modify
accounting
- processes that track & rec activities & actions taking place on the network/its comp systems & detects suspicious activity (IDS)
- these activity logs can facilitate investigation in the case of network/data breach & aid accountability
authentication methods
- password (‘smth uk’)
- MFA, multi-factor authentication (‘smth u hv’, like security token, OTP one-time pw)
- biometrics (‘smth u are’)
- digital certificates
firewall (authorisation)
- blocks unauthorised access to network
- checks all inbound & outbound data packets against a set of rules
eg of how firewall works
- to disallow HTTP traffic into/out of network, firewall can block all packets using TCP transport protool w destination port (HTTP port num, 80)
- to prevent comp within the network frm communicating w eo, firewall can block all packets w private IP addresses as destination IP address
- to prevent comp outside network frm sending packets on unauthorised ports, firewall can block all packets, w public IP addresses as source IP & w destination port >1023
IDS (intrusion detection system)
device/software app that monitors network/systems for malicious activity/policy violations
BUT (unlike firewall)
IDS X prevent possibe intrusions, only signals an alarm upon detection
IPS (intrusion protection system)
system that actively takes steps to prevent an intrusion/atk when it identifies one
why IPS > firewall
- IPS hv greater capabilities than firewall: firewall can only filter packets based on info in packet headers BUT IPS can filter packets based on their payload (content) as well
- a more capable IPS can even analyse pattern of data packets to determine if atk is occurring (esp impt for DDoS)
asymmetric key encryption (cryptography) purpose
ensures only intended recipient of msg can read it
digital signature
(context: how to ensure data transmitted is secure against cyber threats)
- produced by sender of document to verify that contents are approved
- verifies authenticity of digital msg & gives confidence that msg came frm stated sender & X altered in transit
transport/socket layer security (TSL/SSL)
(context: how to ensure data transmitted secure against cyber threats)
- protocols that provide secure communication by using encryption to protect data transmitted
- once secure connection established, any data transmitted btwn client & server is encrypted & can be decrypted by intended recipient
explain how digital signature works
(context: explain what sending and receiving devices can do to detect any malicious alteration of a message, 4m)
- the sender hashes the message
- and encrypts the message hash using the sender’s private key to produce the -digital signature
- the digital signature is included with the original message
- recipient decrypts the digital signature using the sender’s public key
- recipient hashes the message using the same hash function
- recipient verifies that the hash message from the decrypted digital signature and the message hash are the same
(‘visualisation’)
sender
message hash = hash(message)
digital signature = encrypt(message hash, sender’s private key)
digital signature + org message (sent)
recipient
decrypted digital signature = decrypt(digital signature, sender’s public key)
message hash = hash(message)
verify that decrypted digital signature == message hash (same)
